[Bastille-linux-users] My ISP is scanning me!
This tool locks down Linux and UNIX systems.
Brought to you by:
jay
From: Toby J. <to...@to...> - 2002-04-05 15:39:32
|
Psad says that my ISP (attbi.com, I go through insightbb.com) is scanning me. They have scanned UDP and TCP ports in the 33000-34000 range so far, from to different IP's (204.127.198.4 and 63.240.76.4). The problem is that these are also their DNS servers. So the question is, if I block all incoming packets from them, will that affect my ability to use DNS at all? Also, how would I set this up in my Bastille config file? I see sections on blocking services, but not hosts. My understanding is that /etc/hosts.deny is only honored for services that are "wrapped" with tcpd, which Apache, my FTP server, etc. are not. What's the best solution here? tia, toby |